package cn.china.myspringboot.controller;


import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.subject.Subject;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class ShiroController {

    @RequestMapping("/login2")
    public void login2(String username,String password){//登录验证
        Subject subject = SecurityUtils.getSubject();//获取Subject对象

        UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(username, password);
        subject.login(usernamePasswordToken);//登录操作,当调用subject.login()方法时,会执行Realm中的doGetAuthenticationInfo()方法
        subject.checkRole("admin");
        subject.checkPermission("query");

    }


    @RequiresRoles("user2")
    @RequiresPermissions("add3")
    @RequestMapping("/hello")
    public String hello(){
        System.out.println("你好");
        return  null;
    }


}
